Some pundits view IT security today as immature, insecure and out of control. Every organization should develop internal expertise in this area.
Qwik-Fix tries to prevent malware from attacking your computer by hardening Windows. In some cases, this fixes vulnerabilities months before Microsoft releases patches.
Think it's tough to exploit a buffer overflow in Windows? Download this tool and you might change your mind.
The Liberty Alliance Project, the non-profit trade group organized to develop open standards and tools for federated network identity, has added some more industry heavyweights to its ranks. Intel and Oracle were among seven organizations that joined as sponsor members recently.
RSA, Bsafe SWS-J, may spell relief for Java coders working on Web services applications. The new product provides security mechanisms based on the Oasis WS-Security standard that developers can simply add to their application.
From confidentiality, integrity, and availability to authentication, authorization, and audit, find out how you can employ best practices to make Web services secure.
The new version of Groove is more tightly integrated with Windows than ever before. It deserves a spot in any far-flung enterprise or extranet collaboration picture.
Anyone who needed another example of just how radically network security issues have shifted over the past few years must look no further than last week's recommendation from IT industry analysts at Gartner that corporations consider banning Apple Computer's wildly popular portable music player, the iPod, from the workplace.
Web services security is being built into everything from major Web app development platforms to integration and other software.
ADT's Programmers Report occasionally looks at security
issues from the point of view of source code analysis and better coding
practices. We recently met with Chris Wysopal, vice president of R&D for
@stake Inc., and thought he had a different take on this issue. What follows are
excerpts from an e-mail interview.
A recent security vulnerability suggests that maybe the once a month Microsoft
patch cycle wasn't such a good idea after all.
Fortify Software offers a high-end static analysis tool set dedicated to checking security issues.
JAAS is based on the Pluggable Authentication Modules model and provides authentication and authorization services. Check out its many security benefits for Java applications.
Microsoft is urging developers working on or maintaining applications running on Windows XP to get up to speed on Service Pack 2 (SP2), currently a Release Candidate 1 (RC1).
The Web Services Interoperability (WS-I) Organization has released the working-group draft of its Basic Security Profile for public comment.
There are lots of ways to think about good software. Is the balance seriously
off in recent years?
Don't leave application security for tomorrow.
Malicious exploitations of Windows vulnerabilities have become such a common occurrence that Gartner is advising its Windows-using customers to plan for them in their budgets.
Since 1996, security guru Dr. Gary McGraw has been admonishing software developers to consider threats and vulnerabilities early in the development cycle. For attackers, it's all about getting to exploitable code, McGraw believes, which ultimately puts the security onus on programmers.
CAS/Tester is an innovative product for the .NET developer that shows how your code will react under a variety of security limitations.